[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [16065] prevent sql-injection
|
From: |
sigurdne |
|
Subject: |
[Fmsystem-commits] [16065] prevent sql-injection |
|
Date: |
Fri, 9 Dec 2016 12:37:29 +0000 (UTC) |
Revision: 16065
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=16065
Author: sigurdne
Date: 2016-12-09 12:37:29 +0000 (Fri, 09 Dec 2016)
Log Message:
-----------
prevent sql-injection
Modified Paths:
--------------
trunk/phpgwapi/inc/class.phpgw.inc.php
Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php 2016-12-09 10:39:23 UTC (rev
16064)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php 2016-12-09 12:37:29 UTC (rev
16065)
@@ -465,7 +465,7 @@
$value = filter_var($value,
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
$value =
htmlspecialchars($value, ENT_QUOTES, 'UTF-8', true);
// $value = htmlentities($value,
ENT_QUOTES, 'UTF-8', true);
- $value = str_replace(array('(',
')', '=', '--',';'),array('(', ')', '=','−−',';'),
$value); // prevent SQL-injection
+ $value =
str_replace(array(';','(', ')', '=', '--'),array(';','(', ')',
'=','−−'), $value); // prevent SQL-injection
break;
case 'boolean':
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [16065] prevent sql-injection,
sigurdne <=